While there are many compelling benefits to Software-as-a-Service solutions like Salesforce, SuccessFactors, and Gmail, there are also privacy, security and compliance inhibitors which arise from the fact that SaaS application data is stored in clear text.

For many organizations, encrypting the communication between users and SaaS applications is simply not enough. Some large organizations have resorted to installing SaaS applications in their datacenters to meet privacy, security and compliance requirements. This way they get some of the SaaS application benefits but still must endure the real estate, power, hardware, communications, and associated administrative expenses themselves.

Some organizations have restricted the use of SaaS applications to those where clear-text data does not run afoul of regulatory issues.

The ideal solution would be to encrypt data on the way into and back out of the SaaS applications. SaaS backup solutions, for example, have been doing this for years. The file metadata stays in clear text but the files themselves are encrypted. However, for data-oriented applications like Salesforce, SuccessFactors, and Gmail, standard data encryption does not work because once the data is encrypted, you cannot search or sort on it.

Finally, a solution has come to market – Navajo Systems – which allows you to meet regulatory compliance requirements for storing, for example, Personally Identifiable Information (PII) and Protected Health Information (PHI) in SaaS applications. Navajo’s breakthrough is an encryption algorithm which allows searching and sorting. In other words, data is encrypted before it leaves your organization and is stored in the SaaS application in that same encrypted form, yet can be searched and sorted in a way that is both transparent to the SaaS application and to the users!!

Only you have the encryption keys. No one at the SaaS vendor can read your data. Full disclosure, Cymbel is partnering with Navajo. We would be glad to show you exactly how this works.

It’s hard to believe that Firesheep is only two weeks old. In response to Firesheep, Microsoft said it will convert its Hotmail / Windows Live email service to SSL. Google did this for Gmail some time ago, well before Firesheep.